I currently work for a small company as a security analyst. I handle a lot of the IT compliance efforts and am aided by software that helps to alert to compliance needs so it’s pretty easy. I am very technically capable – networking and dev experience.
My position is only in the standard user pool and is not given access to any of our firewall systems, any of our servers, from SMTP to SQL or Win servers, no IDS tools, nothing outside of Office365, Outlook, and the internet.
Our VP of IT Security is non-technical, and for that reason it seems like infrastructure locks us out completely. The only people that have insight into what is REALLY configured for firewalls, what updates we’re on/patches we’ve applied, how our technical security posture looks are members of infrastructure. I just have to take them at their word.
Am I out of line for thinking I should have access to some of that stuff? If I’m signing off on compliance stuff should I not be able to see the EXACT configs? Am I being set up as a fall guy?
Whenever I ask infra for info, about 75% of the time they are “too busy,” yet whenever I ask to help them, they “don’t have anything for me.” Like wtf is that? You’re short-handed but won’t take a capable individual?
Looking for advice.